For nearly two years, medical device companies have adhered to stricter cybersecurity requirements after Congress established new rules for manufacturers and granted the Food and Drug Administration increased authority to enforce them.
The rules took effect in March 2023, making 2024 the first full year of compliance. Some of the changes include requiring device makers to provide plans to monitor and address cybersecurity threats and include a list of components that make up a device as part of product submissions, called a Software Bill of Materials (SBOM).
Nastassia Tamari, director of the Center for Devices and Radiological Health’s Division of Medical Device Cybersecurity, said in an interview with MedTech Dive that device manufacturers have responded well and are prioritizing cybersecurity throughout a product’s entire lifecycle — from design to…
